EP2178323B1 - Protection of services in mobile network against CLI-spoofing - Google Patents


Publication number
EP2178323B1
Authority
EP
European Patent Office
Prior art keywords
service
network
time
communication network
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP08018300A
Other languages
German (de)
French (fr)
Other versions
EP2178323A1 (en)
Inventor
Hans Frederik Oortmarssen
Alexander Franciscus Rambelje
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke KPN NV
Original Assignee
Koninklijke KPN NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke KPN NV
Priority to EP08018300A (EP2178323B1)
Priority to ES08018300T (ES2400166T3)
Priority to PL08018300T (PL2178323T3)
Priority to JP2009236789A (JP4897864B2)
Priority to US12/582,485 (US8804932B2)
Publication of EP2178323A1
Application granted
Publication of EP2178323B1
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/50 Centralised arrangements for answering calls; Centralised arrangements for recording messages for absent or busy subscribers; Centralised arrangements for recording messages
    • H04M3/53 Centralised arrangements for recording incoming messages, i.e. mailbox systems
    • H04M3/533 Voice mail systems

Definitions

  • the invention relates to controlling access of a mobile communication device to a service on a communication network via a connection from outside the communication network.
  • the invention also relates to a data processing apparatus and to control software for controlling the access.
  • the caller identification (Caller ID) function in a telecommunications network is a service that provides information to the called party or to the called service about an identity of the calling party.
  • the Caller ID function is also referred to as "Calling Line Identification" (CLI) or "Calling Party Id".
  • CLI enables the called party or called service to identify and authorize the calling party.
  • Caller ID is a simple string of data that can easily be generated by a small software program. Telemarketers and others have been using a feature to interfere with the CLI function so as to change their identity or hide their identity from the called party.
  • "Caller ID" spoofing and "CLI spoofing" are expressions given to this practice of causing the telecommunications network to provide to the called party identity information that is different from the identity information from the actual originating party. CLI spoofing is not only abused to trick a called party into answering the telephone, but also to access someone else's voice mail in a voice mail system that uses CLI for identification.
  • CLI spoofing is not a risk if the initiating call originates within the operator's network, as the integrity of the CLI is guaranteed. There is a risk, however, if the initiating call is generated in another network than the home network of the operator, as the CLI can have been manipulated. For example, the CLI can be manipulated in external voice-over-IP (VoIP) networks. As a consequence, there is a risk that any call entering the home network has a CLI that has been manipulated.
  • Mobile telephone networks have been adopting an infrastructure, referred to as "CAMEL", for controlling calls.
  • the acronym "CAMEL" stands for Customised Applications for Mobile networks Enhanced Logic, which is an ETSI/3GPP standard.
  • CAMEL refers to a set of standards designed to work on a GSM or UMTS network. The standards allow an operator to define services on top of the conventional GSM or UMTS services.
  • the CAMEL architecture itself is based on Intelligent Network (IN) standards.
  • the IN architecture is intended for fixed telecommunications networks, as well as mobile telecommunications networks.
  • the IN standards use the Signaling System #7 (SS7) protocol between telephone network switching centers and other network nodes owned by network operators. SS7 is a high-speed and high-performance packet-based communications protocol for controlling the call.
  • a CAMEL-based network provides a high level of security and CLI spoofing within a CAMEL-based network is considered a very low risk, if any at all.
  • CAMEL allows mobile telephone network operators to offer the same IN services to their subscribers while they are roaming other CAMEL-based networks as they receive in their home CAMEL-based network, i.e., the network of the operator to whom they have subscribed.
  • a commonly applied defense mechanism to counter CLI spoofing when used to access voice mail from outside the operator's network is to request the accessing party to enter a secret password shared between the owner of the voice mail account and the voice mail system.
  • the password is, e.g., a numeric password such as a personal identification number (PIN), or a combination of the PIN and the telephone number of the communications device associated with the account.
  • the password can be used for protection of other network services that are based on CLI such as customer service of the network operator, a help-desk service, a self-care voice portal, etc.
  • a validation system receives the call signaling, and processes the call signaling to identify originating node information in the call signaling.
  • the originating node information is inserted by the communication network when handling the call and pertains to a network node that originates the call into the network.
  • the validation system also processes the call signaling to identify caller ID information for the call.
  • the validation system then processes the originating node information and the caller ID information to determine whether the call originated from the originating node. If the call did originate from the originating node, then the validation system determines that the caller ID information is valid.
  • CLI spoofing is not considered a risk for communications between parties within the home network of an individual network operator, e.g., a communication wherein the end-user accesses his/her voice mail from within the network, or a communication wherein the user accesses, from within the home network, other network services that involve the CLI. Examples of the latter are a customer service, and a self-care voice portal (a voice-equivalent of a Web portal through which customers can interact with automated services via voice commands or via keyboard commands using Dual-Tone MultiFrequency signaling over the telephone line in the voice-frequency band).
  • CLI spoofing is considered a risk for incoming calls into the home network, e.g., calls originating in VoIP networks.
  • the originating network usually routes its calls via one or more transit networks. As a result, the originating network cannot be determined anymore at the entry point of the home network, and any incoming call could therefore have originated at an untrusted VoIP network.
  • the inventors have realized that the input of passwords for access of voice mail or other CLI-based services is rather cumbersome as perceived by the end-user.
  • the end-user has to remember his/her password, and the entering thereof costs extra time that in turn increases the costs of the network connection.
  • the user may have forgotten his/her password so that the call will not succeed, leading to a loss of revenue to the operator.
  • the known system disclosed in WO2008082489 requires that the network nodes involved be configured for creating and communicating the relevant call signaling parameters via the network.
  • the inventors therefore propose to facilitate accessing of CLI-based network services of the home network from another CAMEL-based network without jeopardizing security against CLI-spoofing.
  • the inventors also propose to accomplish this with minimum modification to the network components involved.
  • a proposal by the inventors relates to a method of controlling access of a mobile communication device to a service on a home network via a connection from outside the communication network.
  • the device is, e.g., a mobile telephone.
  • the home network comprises, e.g., a mobile network.
  • the service includes, e.g., a voice mail service; a help desk service; a self care voice portal, etc.
  • the device is configured for issuing a unique identifier for identifying the device to the service.
  • the method comprises following steps. If the identifier is received from outside the home network and over a secure signaling channel, a first time stamp is stored in a memory. The first time stamp is representative of a first time of receipt of the identifier.
  • a second time stamp is generated when a part of the connection has been set up to a node on the home network.
  • the node comprises, e.g., a switch or a server supplying the service. Then, if a time difference between the second time and first time falls within a predetermined time window, the identifier is authorized and a first instruction is issued to the node, to establish an unconditional access of the device to the service. For example, in the call set-up from the node to the service, an indicator is used to inform the service that the identifier is valid and that therefore unconditional access can be granted. If the time difference falls outside the predetermined time window, the identifier is not authorized and a second instruction is issued to the node to establish a conditional access of the device to the service.
  • an indicator is used to inform the service that the identifier could not be authorized and that the service has therefore to act accordingly, e.g., by asking for a password or the PIN-code or by denying access immediately.
  • a user of a legitimate device registered with the service is given unconditional access upon initiating the connection from another network providing a secure data channel, e.g., another CAMEL-based network.
  • the user's authorization is not questioned as a result of having received the identifier via the secure signaling channel.
  • Data on the secure channel cannot be manipulated by an imposter. If the user of the legitimate device connects to the communication network from another communication network without a secure channel, there will never be generated a first time stamp. As a result, the time difference falls outside the window and the access given is conditional, e.g., dependent on a password. If an imposter connects to the home communication network from another communication network not providing the secure signaling channel, access to the service is denied if the imposter cannot provide the password.
  • Fig.1 is a block diagram of a system 100 explaining operation of a mobile telephone communication between a home network 102 and a CAMEL-based roaming network (106).
  • Home network 102 is a first telecommunications network 102 of a first network operator, to whose services a user of mobile telecommunications device 104, e.g., a mobile phone, has subscribed.
  • Network 102 has a first geographical coverage. The geographical region covered by network 102 is also called the service area of network 102.
  • the operator of network 102 has established CAMEL-agreements with some, but not necessarily all, operators of roaming networks.
  • CAMEL-based roaming network 106 is a second telecommunications network 106 of a second operator. The geographical region covered by network 106 is called the service area of network 106.
  • the operator of network 102 has established a CAMEL-agreement with the operator of network 106.
  • the user of device 104 has left the service area of network 102 and roams on network 106, he/she can still be using device 104 for communicating with other people residing in network 102 (or in other networks, not shown), e.g., with the user of a mobile telecommunications device 108 or with a user of a landline telephone 110 via public switched telephone network (PSTN) 112 and transit network 113.
  • Assume that the user of device 104 turns on device 104 for the first time while being in the service area of network 106 or is entering the service area of network 106 while device 104 is roaming on another network. Visited network 106 then detects the presence of device 104 and will then start an authentication procedure. If turned-on, device 104 transmits its identifier (here: its IMSI (International Mobile Subscriber Identity) number). This authentication identifier is received by a base station 114, and forwarded via a base station controller (BSC) 116 to a mobile switching center (MSC) 118 of network 106. This IMSI number is unique to device 104. For a mobile phone, it is typically stored in the phone's SIM (subscriber identity module).
  • Network 106 maintains a database 122 (referred to as "Visitor Location Register" (VLR)), based on IMSI numbers of all mobile telecommunications devices currently active within the service area of network 106.
  • VLR 122 stores records of information about the active mobile telecommunications devices, e.g., their IMSI number and MSISDN (Mobile Subscriber Integrated Services Digital Network) number; the kind of services that each of these devices is authorized to use.
  • the IMSI number and MSISDN number are two important numbers to identify a mobile telephone.
  • the IMSI number is typically used as a key in the subscriber database (see "HLR 126" introduced below).
  • the MSISDN number is typically used as the identifier towards a voicemail system.
  • the MSISDN number is usually also the number that is dialed in order to make a call to that mobile telephone.
  • VLR 122 identifies the relevant home network of a detected device on the basis of the IMSI number received by network 106.
  • the home network of device 104 is network 102.
  • VLR 122 uses the IMSI number received from device 104 to access a database 126 (referred to as Home Location Register, or: HLR) of home network 102 and requests information about the privileges of device 104.
  • HLR 126 maintains records specifying this kind of information for each individual subscriber to the services of home network 102.
  • HLR 126 and the Subscriber Identity Module (SIM) (not shown) in device 104 start a procedure referred to as "GSM authentication procedure".
  • HLR 126 returns, upon completion of the authentication procedure, to VLR 122 the information needed for VLR 122 to determine whether or not device 104 is authorized to roam network 106 and the kind of services it is allowed to use, and for what services the home network needs to be contacted prior to execution of the services. For example, HLR 126 returns information to VLR 122 about how to proceed in case device 102 attempts to set-up a call.
  • HLR 126 provides trigger data to VLR 122 for instructing MSC 118 to contact Intelligent Network (IN) 124 of home network 102 in case device 104 attempts to set-up a call, and for instructing MSC 118 to await further instructions from IN 124.
  • Communication between MSC 118 in network 106 and IN 124 in network 102 uses a secure signaling channel, as does the communication between VLR 122 in network 106 and HLR in network 102.
  • the communication between MSC 118 and IN 124, and the communication between VLR 122 and HLR 126 uses a closed signaling network 125.
  • MSC 118 uses the trigger data received from VLR 122 and consults IN 124 in network 102 prior to setting up the call to the dialed destination.
  • IN 124 analyses the information received from MSC 118 and in this case could determine that no special action is required.
  • IN 124 will then instruct MSC 118 to set-up the call to the intended destination based on the number originally dialed by the user of device 104.
  • MSC 118 sets up the call to telephone 110 via a transit network 113 and via PSTN 112. If device 108 is the intended destination, MSC 118 sets up the call to device 108 via transit network 113 and via an MSC 128 of network 102. The call is then routed from MSC 128 to a BSC 130 of network 102 and a base station 132 of network 102.
  • device 104 registered with network 102, is used to access, from network 106, a CLI-based service in network 102, e.g., the voice mail addressed to device 104.
  • the voice mails are stored at a voice mail server 134 in network 102.
  • the user of device 104 enters the network address of his voice mail, either a complete telephone number or only the short code.
  • the short code to access one's voice mail on the network of KPN in the Netherlands is "1233".
  • the complete telephone number to be dialed is "+31 (0)6 1200 1233".
  • the call is set up via MSC 118.
  • upon receiving the request to set up a call from device 104, MSC 118 asks IN 124 for instructions about how to handle the call.
  • IN 124 instructs MSC 118 to set up the call with voice mail system 134 using the proper network address of server 134.
  • the proper network address is in this example "+31-6-1200-1233". If the user has dialed the short code number instead, e.g., "1233" in the example above, IN 124 instructs MSC 118 to connect the call to "+31-6-1200-1233".
  • the call will be set-up from MSC 118 via transit network 113 and MSC 128 to server 134.
  • Fig.2 is a flow diagram 200 summarizing the steps in the scenario discussed above with reference to Fig.1. It is assumed that the presence of device 104 has been detected and that VLR 122 has received the trigger data from HLR 126 in order to be capable to instruct MSC 118 to contact IN 124 of home network 102 upon device 104 initiating a call.
  • MSC 118 detects that device 104 is initiating a call to a specific destination.
  • MSC 118 contacts IN 124 to ask instructions about how to handle the call.
  • IN 124 checks the records and returns, in a step 206, specific instructions as to how to handle the call, if any.
  • MSC 118 sets up the call via transit network 113 and MSC 128.
  • MSC 128 routes the call to device 108.
  • Device 136 that is posing as device 104 using CLI spoofing in order to access the voice mails addressed to the user of device 104.
  • Device 136 is manipulated to initiate a call wherein the string of data is identical to the CLI associated with device 104 so as to mislead network 102.
  • Device 136 is, e.g., a personal computer (PC) using voice-over-IP (VoIP) protocol.
  • the operator of network 102 could build-in an additional barrier, by giving conditional access to the voice mail upon receiving the correct password (e.g., PIN) as registered for the user of device 104.
  • the service would then be perceived as not so user-friendly and, as a result, network traffic, generated from voice mail accesses from another network, would significantly drop as would the revenues for the network operator derived from accesses from outside network 102.
  • the inventor proposes, among other things, to avoid that the user of device 104 has to enter a password when calling from another CAMEL-based network to a CLI-based service on his/her home network that is CAMEL-based as well, and at the same time to provide security against CLI spoofing. This is explained with reference to Figs. 1 and 3.
  • Fig.3 is a flow diagram 300 illustrating the steps in a process of setting up a call to a service, here voice mail service 134, according to the invention and involving CAMEL-based networks 102 and 106.
  • the steps that diagram 300 has in common with diagram 200 are indicated with the same reference numerals.
  • MSC 118 detects that device 104 is initiating a call.
  • MSC 118 contacts IN 124 to ask instructions about how to handle the call.
  • a CLI-based service number has been dialed and stores the identifier (the MSISDN number in this case) of device 104 and the service number in a local memory (not shown), together with a first time stamp representative of the time T1 of receipt of the identifier via the secure channel between network 102 and network 106.
  • IN 124 instructs MSC 118 to set up the call to the international service number, and in step 208, MSC 118 sets up the call to MSC 128.
  • MSC 128 contacts IN 124 with the received identifier of device 104 (the MSISDN). MSC 128 has been programmed in advance with rules that are triggered by service numbers being dialed.
  • IN 124 receives from MSC 128 the identifier of the device for which the call has been set as far as MSC 128 together with the service number used. IN 124 generates a second time stamp for a time T2 at which the call has been set up as far as MSC 128. In a step 308, IN 124 determines whether the identifier was stored previously in step 302. If not, IN 124 instructs MSC 128 in a step 310 to establish the connection to voice mail server 134 in a conditional mode. That is, in order to access the voice mail at server 134 during this connection, the user of the connected device only has conditional access to voice mail server 134 upon complying with a predetermined condition, for example upon entering a password.
  • Voice mail server 134 is thus instructed by MSC 128 to assume the conditional mode.
  • Server 134 assumes the conditional mode on the basis of information coded by MSC 128 in the service number used to address server 134, e.g., on the basis of MSC 128 addressing server 134 with a prefix P1 placed in front of the service number or of MSC 128 addressing server 134 by the long access code.
  • IN 124 determines if the difference between T2 and T1 is smaller than a predetermined threshold T.
  • the value of T is typically set to a value representative of the time period needed by MSC 118 and MSC 128 to complete setting up the call.
  • a typical value of T lies in the order of a few seconds. If the difference is not smaller than threshold T, the process proceeds to step 310 providing conditional access to service 134, as mentioned above. If the difference is smaller than threshold T, the process goes to a step 314 wherein IN 124 instructs MSC 128 to connect to server 134 in the unconditional mode, i.e., a mode wherein the caller has direct access to the service. Server 134 assumes the unconditional mode based on information coded by MSC 128 in the service number used to address server 134, e.g., based on MSC 128 addressing server 134 with a prefix P2 (different from P1) in front of the service number or on MSC 128 addressing server 134 by the short access code.
  • a first time stamp is never generated in step 302, or no recent time stamp is available, if the user of legitimate device 104 connects to network 102 from a communication network without a secure channel, e.g., a non-CAMEL-based network.
  • the process will go from step 308 to step 310.
  • Access to service 134 is given in the conditional mode, e.g., dependent on a password. If a spoofing imposter 136 connects to network 102 from a non-CAMEL-based network, access to the service is conditional. Access is then denied if imposter 136 does not know the password.
  • IN 124 is extended with an anti-CLI-spoofing component 138 that carries out the activities specified above in steps 302-314.
  • Component 138 can be a separate piece of data processing hardware or a dedicated piece of software for being installed on the data processing system serving as IN 124, or a combination of hardware and software.
  • adding an IN-application such as anti-CLI spoofing is merely a matter of installing a piece of software.
  • the decision to give either conditional access or unconditional access to server 134 is made by IN 124 at the time when the connection has been set up to MSC 128.
  • the decision is made by IN 124 at the time the connection to the service has been set up.
  • server 134 itself is instructed by IN 124 to either give conditional access or unconditional access. This may require that each individual server accessed from MSC 128 sets up its own interface to IN 124 in order to process the relevant instructions. This latter option introduces some more complexity into the system.
  • the implementation is much less cumbersome and much less expensive, as merely the information, about which one of the conditional and unconditional modes to assume, is coded into the called-party number.
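The decision logic of steps 302-314 of Fig.3 can be sketched as follows. This is an added example, not code from the patent or from any operator's IN platform: the class and method names, the 5-second value for T, the literal strings "P1"/"P2" standing in for the prefixes, the constructed MSISDN, and the choice to consume a stored time stamp once it has been matched are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

CONDITIONAL = "conditional"      # service asks for a password/PIN or denies access
UNCONDITIONAL = "unconditional"  # caller gets direct access to the service


@dataclass(frozen=True)
class Decision:
    mode: str
    called_party: str  # prefix + service number used to address the service
    reason: str


@dataclass
class AntiCliSpoofing:
    """Hypothetical model of component 138 inside IN 124."""
    window_s: float = 5.0               # threshold T ("a few seconds"); value assumed
    prefix_conditional: str = "P1"      # placeholder for prefix P1
    prefix_unconditional: str = "P2"    # placeholder for prefix P2
    _pending: Dict[Tuple[str, str], float] = field(default_factory=dict)

    def on_secure_trigger(self, msisdn: str, service_number: str, t1: float) -> None:
        """Step 302: identifier received from the visited MSC over the
        secure signaling channel; remember it with first time stamp T1."""
        self._pending[(msisdn, service_number)] = t1

    def on_home_msc_query(self, msisdn: str, service_number: str, t2: float) -> Decision:
        """Steps 308-314: the home MSC reports the call leg at time T2."""
        # Assumption (not stated on the page): a stored time stamp is consumed
        # by the first matching call leg, so it cannot vouch for a second one.
        t1 = self._pending.pop((msisdn, service_number), None)
        self._evict_stale(t2)
        if t1 is None:
            # Step 308 "no": nothing arrived over the secure channel.
            return self._decide(CONDITIONAL, service_number, "no first time stamp")
        delta = t2 - t1
        # Step 312: authorize only if T2 - T1 is smaller than T. A negative
        # difference (clock skew) is treated as unauthorized as well.
        if 0 <= delta < self.window_s:
            return self._decide(UNCONDITIONAL, service_number, f"delta={delta:.1f}s")
        return self._decide(CONDITIONAL, service_number, "outside time window")

    def _decide(self, mode: str, service_number: str, reason: str) -> Decision:
        prefix = (self.prefix_unconditional if mode == UNCONDITIONAL
                  else self.prefix_conditional)
        return Decision(mode, prefix + service_number, reason)

    def _evict_stale(self, now: float) -> None:
        """Drop entries that can no longer fall inside the window."""
        stale = [k for k, t1 in self._pending.items() if now - t1 >= self.window_s]
        for key in stale:
            del self._pending[key]


def run_constructed_scenarios() -> List[str]:
    """Constructed sample calls; the MSISDN is made up, the service number
    is the voice mail number quoted in the text."""
    svc = "+31612001233"
    subscriber = "+31600000001"  # constructed MSISDN of device 104
    guard = AntiCliSpoofing()
    results = []

    # Device 104 roaming on a CAMEL network: trigger at T1, call leg 1.5 s later.
    guard.on_secure_trigger(subscriber, svc, 100.0)
    results.append(guard.on_home_msc_query(subscriber, svc, 101.5).mode)

    # A second call leg presenting the same CLI right afterwards: no stored stamp.
    results.append(guard.on_home_msc_query(subscriber, svc, 102.0).mode)

    # Call presenting the subscriber's CLI with no secure trigger at all.
    results.append(guard.on_home_msc_query(subscriber, svc, 500.0).mode)

    # Trigger seen, but the call leg arrives 10 s later, outside T.
    guard.on_secure_trigger(subscriber, svc, 600.0)
    results.append(guard.on_home_msc_query(subscriber, svc, 610.0).mode)
    return results


if __name__ == "__main__":
    print(run_constructed_scenarios())
```

Only the first scenario yields the unconditional mode; every path without a fresh time stamp from the secure channel falls back to the password-protected mode.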

Description

    FIELD OF THE INVENTION
  • The invention relates to controlling access of a mobile communication device to a service on a communication network via a connection from outside the communication network. The invention also relates to a data processing apparatus and to control software for controlling the access.
    BACKGROUND ART
  • The caller identification (Caller ID) function in a telecommunications network is a service that provides information to the called party or to the called service about an identity of the calling party. The Caller ID function is also referred to as "Calling Line Identification" (CLI) or "Calling Party Id". CLI enables the called party or called service to identify and authorize the calling party. Caller ID is a simple string of data that can easily be generated by a small software program. Telemarketers and others have been using a feature to interfere with the CLI function so as to change their identity or hide their identity from the called party. "Caller ID" spoofing and "CLI spoofing" are expressions given to this practice of causing the telecommunications network to provide to the called party identity information that is different from the identity information from the actual originating party. CLI spoofing is not only abused to trick a called party into answering the telephone, but also to access someone else's voice mail in a voice mail system that uses CLI for identification.
  • CLI spoofing is not a risk if the initiating call originates within the operator's network, as the integrity of the CLI is guaranteed. There is a risk, however, if the initiating call is generated in another network than the home network of the operator, as the CLI can have been manipulated. For example, the CLI can be manipulated in external voice-over-IP (VoIP) networks. As a consequence, there is a risk that any call entering the home network has a CLI that has been manipulated.
  • Mobile telephone networks have been adopting an infrastructure, referred to as "CAMEL", for controlling calls. The acronym "CAMEL" stands for Customised Applications for Mobile networks Enhanced Logic, which is an ETSI/3GPP standard. CAMEL refers to a set of standards designed to work on a GSM or UMTS network. The standards allow an operator to define services on top of the conventional GSM or UMTS services. The CAMEL architecture itself is based on Intelligent Network (IN) standards. The IN architecture is intended for fixed telecommunications networks, as well as mobile telecommunications networks. The IN standards use the Signaling System #7 (SS7) protocol between telephone network switching centers and other network nodes owned by network operators. SS7 is a high-speed and high-performance packet-based communications protocol for controlling the call. In SS7, the signaling is out-of-band and is carried in a separate signaling channel to which the end user has no access. The signaling path of SS7 is logically separated and distinct from the channels that carry the voice conversation. The control over the call, as provided by the network switches, is separated from the control over the service. Service control is assigned to computer nodes in the network. Accordingly, a CAMEL-based network provides a high level of security and CLI spoofing within a CAMEL-based network is considered a very low risk, if any at all. Furthermore, CAMEL allows mobile telephone network operators to offer the same IN services to their subscribers while they are roaming other CAMEL-based networks as they receive in their home CAMEL-based network, i.e., the network of the operator to whom they have subscribed.
  • A commonly applied defense mechanism to counter CLI spoofing when used to access voice mail from outside the operator's network is to request the accessing party to enter a secret password shared between the owner of the voice mail account and the voice mail system. The password is, e.g., a numeric password such as a personal identification number (PIN), or a combination of the PIN and the telephone number of the communications device associated with the account. Similarly, the password can be used for protection of other network services that are based on CLI such as customer service of the network operator, a help-desk service, a self-care voice portal, etc. However, as shown in "Cell phone voicemail easily hacked", [Online] 28 February 2005 at MSNBC.com, at http://www.msnbc.msn.com/id/7046776/print/1/displaymode/1098/ by Bob Sullivan, many cell phone providers offer users of voice mail the ability to opt out of providing a passcode or code number when accessing their voice mail, with the result that many users have turned off their passcode functionality to save time when accessing their own voice mail. This leaves their voice mails vulnerable to hacking from external third parties with ill intent.
  • Another approach is disclosed both in WO2008082489 and US 2008/0159501 that relates to Caller ID validation methods and system to protect against Caller ID spoofing. When a call is placed over a communication network, a validation system receives the call signaling, and processes the call signaling to identify originating node information in the call signaling. The originating node information is inserted by the communication network when handling the call and pertains to a network node that originates the call into the network. The validation system also processes the call signaling to identify caller ID information for the call. The validation system then processes the originating node information and the caller ID information to determine whether the call originated from the originating node. If the call did originate from the originating node, then the validation system determines that the caller ID information is valid.
  • For background information about spoofing, please see, e.g., US 20080089501 ; US 20070081648 ; US 20020098829 ; and US 7,342,926 .
  • For background information on IN please see, e.g., US 20080155021 .
  • For background information on CAMEL networks, please see, e.g., WO2008/17951 ; WO2007/126995 ; and WO2003036994 .
  • For background information on transit networks, please see, e.g., US 20080101568 ; and WO 2003/036994 .
  • For background information on aspects of roaming, please see, e.g., WO 2006133720 ; WO2007002524 ; WO2003055249 ; EP1106025 ; EP1933572 ; and US 6,804,505 .
  • SUMMARY OF THE INVENTION
  • As mentioned above, CLI spoofing is not considered a risk for communications between parties within the home network of an individual network operator, e.g., a communication wherein the end-user accesses his/her voice mail from within the network, or a communication wherein the user accesses, from within the home network, other network services that involve the CLI. Examples of the latter are a customer service, and a self-care voice portal (a voice-equivalent of a Web portal through which customers can interact with automated services via voice commands or via keyboard commands using Dual-Tone MultiFrequency signaling over the telephone line in the voice-frequency band). On the other hand, CLI spoofing is considered a risk for incoming calls into the home network, e.g., calls originating in VoIP networks. The originating network usually routes its calls via one or more transit networks. As a result, the originating network cannot be determined anymore at the entry point of the home network, and any incoming call could therefore have originated at an untrusted VoIP network.
  • The inventors have realized that the input of passwords for access of voice mail or other CLI-based services is rather cumbersome as perceived by the end-user. The end-user has to remember his/her password, and the entering thereof costs extra time that in turn increases the costs of the network connection. In many cases, the user may have forgotten his/her password so that the call will not succeed, leading to a loss of revenue to the operator.
  • Furthermore, the known system disclosed in WO2008082489 , mentioned above, requires that the network nodes involved be configured for creating and communicating the relevant call signaling parameters via the network.
    The inventors therefore propose to facilitate accessing of CLI-based network services of the home network from another CAMEL-based network without jeopardizing security against CLI-spoofing. The inventors also propose to accomplish this with minimum modification to the network components involved.
  • A proposal by the inventors relates to a method of controlling access of a mobile communication device to a service on a home network via a connection from outside the communication network. The device is, e.g., a mobile telephone. The home network comprises, e.g., a mobile network. The service includes, e.g., a voice mail service; a help desk service; a self care voice portal, etc. The device is configured for issuing a unique identifier for identifying the device to the service. The method comprises the following steps. If the identifier is received from outside the home network and over a secure signaling channel, a first time stamp is stored in a memory. The first time stamp is representative of a first time of receipt of the identifier. A second time stamp is generated when a part of the connection has been set up to a node on the home network. The node comprises, e.g., a switch or a server supplying the service. Then, if a time difference between the second time and first time falls within a predetermined time window, the identifier is authorized and a first instruction is issued to the node, to establish an unconditional access of the device to the service. For example, in the call set-up from the node to the service, an indicator is used to inform the service that the identifier is valid and that therefore unconditional access can be granted. If the time difference falls outside the predetermined time window, the identifier is not authorized and a second instruction is issued to the node to establish a conditional access of the device to the service. For example, in the call set-up from the node to the service, an indicator is used to inform the service that the identifier could not be authorized and that the service has therefore to act accordingly, e.g., by asking for a password or the PIN-code or by denying access immediately.
  • Accordingly, a user of a legitimate device registered with the service is given unconditional access upon initiating the connection from another network providing a secure data channel, e.g., another CAMEL-based network. The user's authorization is not questioned as a result of having received the identifier via the secure signaling channel. Data on the secure channel cannot be manipulated by an imposter. If the user of the legitimate device connects to the communication network from another communication network without a secure channel, a first time stamp will never be generated. As a result, the time difference falls outside the window and the access given is conditional, e.g., dependent on a password. If an imposter connects to the home communication network from another communication network not providing the secure signaling channel, access to the service is denied if the imposter cannot provide the password.
  • The invention is carried out according to independent claims 1, 5 and 6.
  • BRIEF DESCRIPTION OF THE DRAWING
  • The invention is explained in further detail, by way of example and with reference to the accompanying drawing, wherein:
    • Fig.1 is a block diagram of a system illustrating communication between a home communications network and a CAMEL-based network;
    • Fig.2 is a flow diagram illustrating the communication steps in the system of Fig.1; and
    • Fig.3 is a flow diagram illustrating the method of the invention.
  • Throughout the Figures, similar or corresponding features are indicated by same reference numerals.
  • DETAILED EMBODIMENTS
  • Fig.1 is a block diagram of a system 100 explaining operation of a mobile telephone communication between a home network 102 and a CAMEL-based roaming network 106. Home network 102 is a first telecommunications network 102 of a first network operator, to whose services a user of mobile telecommunications device 104, e.g., a mobile phone, has subscribed. Network 102 has a first geographical coverage. The geographical region covered by network 102 is also called the service area of network 102. The operator of network 102 has established CAMEL-agreements with some, but not necessarily all, operators of roaming networks. CAMEL-based roaming network 106 is a second telecommunications network 106 of a second operator. The geographical region covered by network 106 is called the service area of network 106. The operator of network 102 has established a CAMEL-agreement with the operator of network 106.
  • If the user of device 104 has left the service area of network 102 and roams on network 106, he/she can still be using device 104 for communicating with other people residing in network 102 (or in other networks, not shown), e.g., with the user of a mobile telecommunications device 108 or with a user of a landline telephone 110 via public switched telephone network (PSTN) 112 and transit network 113. This is due to the roaming agreements between the network operators and to the supporting infrastructure of networks 102 and 106 as will be explained below.
  • Assume that the user of device 104 turns on device 104 for the first time while being in the service area of network 106 or is entering the service area of network 106 while device 104 is roaming on another network. Visited network 106 then detects the presence of device 104 and will then start an authentication procedure. If turned on, device 104 transmits its identifier (here: its IMSI (International Mobile Subscriber Identity) number). This authentication identifier is received by a base station 114, and forwarded via a base station controller (BSC) 116 to a mobile switching center (MSC) 118 of network 106. This IMSI number is unique to device 104. For a mobile phone, it is typically stored in the phone's SIM (subscriber identity module). Network 106 maintains a database 122 (referred to as "Visitor Location Register" (VLR)), based on IMSI numbers of all mobile telecommunications devices currently active within the service area of network 106. VLR 122 stores records of information about the active mobile telecommunications devices, e.g., their IMSI number and MSISDN (Mobile Subscriber Integrated Services Digital Network) number; the kind of services that each of these devices is authorized to use. As known, the IMSI number and MSISDN number are two important numbers to identify a mobile telephone. The IMSI number is typically used as a key in the subscriber database (see "HLR 126" introduced below). The MSISDN number is typically used as the identifier towards a voicemail system. The MSISDN number is usually also the number that is dialed in order to make a call to that mobile telephone.
  • In order to obtain this information, VLR 122 identifies the relevant home network of a detected device on the basis of the IMSI number received by network 106. The home network of device 104 is network 102. VLR 122 uses the IMSI number received from device 104 to access a database 126 (referred to as Home Location Register, or: HLR) of home network 102 and requests information about the privileges of device 104. HLR 126 maintains records specifying this kind of information for each individual subscriber to the services of home network 102. In order to authorize device 104 on the basis of the IMSI number, HLR 126 and the Subscriber Identity Module (SIM) (not shown) in device 104 start a procedure referred to as "GSM authentication procedure". In this procedure, cryptographic information is exchanged between the SIM of device 104 and HLR 126. Since network 102 and network 106 have concluded a CAMEL Roaming Agreement, HLR 126 returns, upon completion of the authentication procedure, to VLR 122 the information needed for VLR 122 to determine whether or not device 104 is authorized to roam network 106 and the kind of services it is allowed to use, and for what services the home network needs to be contacted prior to execution of the services. For example, HLR 126 returns information to VLR 122 about how to proceed in case device 104 attempts to set-up a call. HLR 126 provides trigger data to VLR 122 for instructing MSC 118 to contact Intelligent Network (IN) 124 of home network 102 in case device 104 attempts to set-up a call, and for instructing MSC 118 to await further instructions from IN 124. Communication between MSC 118 in network 106 and IN 124 in network 102 uses a secure signaling channel, as does the communication between VLR 122 in network 106 and HLR 126 in network 102. For example, the communication between MSC 118 and IN 124, and the communication between VLR 122 and HLR 126 use a closed signaling network 125.
  • Consider the scenario wherein the user of device 104, while roaming in network 106 (the visited network), wants to make a call to the user of device 108 on network 102 (the home network) or to the user of landline telephone 110.
  • When device 104 dials a telephone number for placing a telephone call from its current location, i.e., within network 106, MSC 118 uses the trigger data received from VLR 122 and consults IN 124 in network 102 prior to setting up the call to the dialed destination. IN 124 analyses the information received from MSC 118 and in this case could determine that no special action is required. IN 124 will then instruct MSC 118 to set-up the call to the intended destination based on the number originally dialed by the user of device 104.
  • If fixed landline telephone 110 is the intended destination, MSC 118 sets up the call to telephone 110 via a transit network 113 and via PSTN 112. If device 108 is the intended destination, MSC 118 sets up the call to device 108 via transit network 113 and via an MSC 128 of network 102. The call is then routed from MSC 128 to a BSC 130 of network 102 and a base station 132 of network 102.
  • Now consider a scenario, wherein device 104, registered with network 102, is used to access, from network 106, a CLI-based service in network 102, e.g., the voice mail addressed to device 104. The voice mails are stored at a voice mail server 134 in network 102. The user of device 104 enters the network address of his voice mail, either a complete telephone number or only the short code. For example, the short code to access one's voice mail on the network of KPN in the Netherlands is "1233", whereas the complete telephone number to be dialed is "+31 (0)6 1200 1233".
  • As device 104 is located within the service area of network 106, the call is set up via MSC 118. As specified above, upon receiving the request to set up a call from device 104, MSC 118 asks IN 124 for instructions about how to handle the call. IN 124 instructs MSC 118 to set up the call with voice mail system 134 using the proper network address of server 134. The proper network address is in this example "+31-6-1200-1233". If the user has dialed the short code number instead, e.g., "1233" in the example above, IN 124 instructs MSC 118 to connect the call to "+31-6-1200-1233". The call will be set-up from MSC 118 via transit network 113 and MSC 128 to server 134.
  • Fig.2 is a flow diagram 200 summarizing the steps in the scenario discussed above with reference to Fig.1. It is assumed that the presence of device 104 has been detected and that VLR 122 has received the trigger data from HLR 126 in order to be capable to instruct MSC 118 to contact IN 124 of home network 102 upon device 104 initiating a call. In a step 202, MSC 118 detects that device 104 is initiating a call to a specific destination. In a step 204, MSC 118 contacts IN 124 to ask instructions about how to handle the call. IN 124 checks the records and returns, in a step 206, specific instructions as to how to handle the call, if any. In a step 208, MSC 118 sets up the call via transit network 113 and MSC 128. In a step 210, MSC 128 routes the call to device 108.
  • Assume now a communication device 136 that is posing as device 104 using CLI spoofing in order to access the voice mails addressed to the user of device 104. Device 136 is manipulated to initiate a call wherein the string of data is identical to the CLI associated with device 104 so as to mislead network 102. Device 136 is, e.g., a personal computer (PC) using voice-over-IP (VoIP) protocol. Without further measures, device 136 masquerading as device 104 will now be given access to the voice mail at server 134, on the basis of the CLI adopted by device 136. The operator of network 102 could build-in an additional barrier, by giving conditional access to the voice mail upon receiving the correct password (e.g., PIN) as registered for the user of device 104. As mentioned above, this is a solution that has a drawback as it would hamper the legitimate user each time he/she accesses his/her voice mail. The service would then be perceived as not so user-friendly and, as a result, network traffic, generated from voice mail accesses from another network, would significantly drop as would the revenues for the network operator derived from accesses from outside network 102.
  • The inventor proposes, among other things, to avoid that the user of device 104 has to enter a password when calling from another CAMEL-based network to a CLI-based service on his/her home network that is CAMEL-based as well, and at the same time to provide security against CLI spoofing. This is explained with reference to Figs. 1 and 3.
  • Fig.3 is a flow diagram 300 illustrating the steps in a process of setting up a call to a service, here voice mail service 134, according to the invention and involving CAMEL-based networks 102 and 106. The steps that diagram 300 has in common with diagram 200 are indicated with the same reference numerals. In step 202, MSC 118 detects that device 104 is initiating a call. In step 204, MSC 118 contacts IN 124 to ask instructions about how to handle the call. In a step 302 IN 124 recognizes that a CLI-based service number has been dialed and stores the identifier (the MSISDN number in this case) of device 104 and the service number in a local memory (not shown), together with a first time stamp representative of the time T1 of receipt of the identifier via the secure channel between network 102 and network 106. In step 206 IN 124 instructs MSC 118 to set up the call to the international service number, and in step 208, MSC 118 sets up the call to MSC 128. In a step 304, MSC 128 contacts IN 124 with the received identifier of device 104 (the MSISDN). MSC 128 has been programmed in advance with rules that are triggered by service numbers being dialed. In a step 306, IN 124 receives from MSC 128 the identifier of the device for which the call has been set as far as MSC 128 together with the service number used. IN 124 generates a second time stamp for a time T2 at which the call has been set up as far as MSC 128. In a step 308, IN 124 determines whether the identifier was stored previously in step 302. If not, IN 124 instructs MSC 128 in a step 310 to establish the connection to voice mail server 134 in a conditional mode. That is, in order to access the voice mail at server 134 during this connection, the user of the connected device only has conditional access to voice mail server 134 upon complying with a predetermined condition, for example upon entering a password. Voice mail server 134 is thus instructed by MSC 128 to assume the conditional mode. Server 134 assumes the conditional mode on the basis of information coded by MSC 128 in the service number used to address server 134, e.g., on the basis of MSC 128 addressing server 134 with a prefix P1 placed in front of the service number or of MSC 128 addressing server 134 by the long access code. On the other hand, if the identifier was stored in step 302, IN 124 determines if the difference between T2 and T1 is smaller than a predetermined threshold T. The value of T is typically set to a value representative of the time period needed by MSC 118 and MSC 128 to complete setting up the call. A typical value of T lies in the order of a few seconds. If the difference is not smaller than threshold T, the process proceeds to step 310 providing conditional access to service 134, as mentioned above. If the difference is smaller than threshold T, the process goes to a step 314 wherein IN 124 instructs MSC 128 to connect to server 134 in the unconditional mode, i.e., a mode wherein the caller has direct access to the service. Server 134 assumes the unconditional mode based on information coded by MSC 128 in the service number used to address server 134, e.g., based on MSC 128 addressing server 134 with a prefix P2 (different from P1) in front of the service number or on MSC 128 addressing server 134 by the short access code.
  • Note that a first time stamp is never generated in step 302, or no recent time stamp is available, if the user of legitimate device 104 connects to network 102 from a communication network without a secure channel, e.g., a non-CAMEL-based network. As a result, the process will go from step 308 to step 310. Access to service 134 is given in the conditional mode, e.g., dependent on a password. If a spoofing imposter 136 connects to network 102 from a non-CAMEL-based network, access to the service is conditional. Access is then denied if imposter 136 does not know the password.
  • In order to accomplish the above process, IN 124 is extended with an anti-CLI-spoofing component 138 that carries out the activities specified above in steps 302-314. Component 138 can be a separate piece of data processing hardware or a dedicated piece of software for being installed on the data processing system serving as IN 124, or a combination of hardware and software. Typically, if an operator already has an IN system, adding an IN-application such as anti-CLI spoofing is merely a matter of installing a piece of software.
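The T1/T2 correlation of steps 302 to 314 (also the method outlined in the Summary) can be written out as a small decision component. This is an added Python sketch, not code from the patent; the 5-second window, the literal prefix strings standing in for P1 and P2, the sample MSISDNs, the keying on identifier plus service number, and the single-use handling of a stored T1 are all assumptions.

```python
"""Added sketch of the T1/T2 check performed by IN 124 (component 138)."""
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    CONDITIONAL = "conditional"      # step 310: service asks for password/PIN
    UNCONDITIONAL = "unconditional"  # step 314: caller gets direct access


@dataclass(frozen=True)
class Instruction:
    access: Access
    called_party: str  # number the home MSC uses to address the service


@dataclass
class AntiCliSpoofing:
    window_s: float = 5.0              # threshold T (assumed value, "a few seconds")
    prefix_conditional: str = "P1"     # placeholder for the patent's prefix P1
    prefix_unconditional: str = "P2"   # placeholder for the patent's prefix P2
    _pending: dict = field(default_factory=dict)  # (msisdn, service) -> T1

    def on_secure_trigger(self, msisdn: str, service_number: str, t1: float) -> None:
        """Step 302: identifier arrived over the secure signaling channel."""
        self._prune(t1)
        self._pending[(msisdn, service_number)] = t1

    def on_home_msc_query(self, msisdn: str, service_number: str, t2: float) -> Instruction:
        """Steps 306-314: the call has been set up as far as the home MSC."""
        # Assumption: a stored T1 is consumed on first use, so one secure
        # trigger cannot authorise a second call arriving inside the window.
        t1 = self._pending.pop((msisdn, service_number), None)
        self._prune(t2)
        # Both time stamps come from the same clock (IN 124); a missing T1
        # (step 308) or a difference outside the window leads to step 310.
        if t1 is not None and 0 <= t2 - t1 < self.window_s:
            return Instruction(Access.UNCONDITIONAL,
                               self.prefix_unconditional + service_number)
        return Instruction(Access.CONDITIONAL,
                           self.prefix_conditional + service_number)

    def _prune(self, now: float) -> None:
        """Drop records older than the window so memory stays bounded."""
        stale = [k for k, t in self._pending.items() if now - t >= self.window_s]
        for key in stale:
            del self._pending[key]


def demo() -> dict:
    """Run four constructed scenarios; times are seconds on one clock."""
    svc = "+31612001233"       # service number from the description
    subscriber = "+31600000001"  # constructed MSISDN
    scp = AntiCliSpoofing(window_s=5.0)
    out = {}

    # Roaming on a CAMEL network: T1 stored, home MSC reports 2.3 s later.
    scp.on_secure_trigger(subscriber, svc, t1=100.0)
    out["roaming_via_camel"] = scp.on_home_msc_query(subscriber, svc, t2=102.3)

    # A second call presenting the same CLI inside the window: T1 already used.
    out["second_call_same_t1"] = scp.on_home_msc_query(subscriber, svc, t2=103.0)

    # Call arriving with a CLI for which no secure trigger was ever seen.
    out["no_secure_trigger"] = scp.on_home_msc_query("+31600000002", svc, t2=150.0)

    # T1 exists but the call reaches the home MSC far outside the window.
    scp.on_secure_trigger(subscriber, svc, t1=200.0)
    out["stale_t1"] = scp.on_home_msc_query(subscriber, svc, t2=230.0)
    return out


if __name__ == "__main__":
    for name, instr in demo().items():
        print(f"{name:22s} {instr.access.value:14s} {instr.called_party}")
```

In a deployment the time stamps would come from a monotonic clock on the node hosting the component, so that wall-clock adjustments cannot widen or shrink the window.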
  • Note that the decision to give either conditional access or unconditional access to server 134 is made by IN 124 at the time when the connection has been set up to MSC 128. In an alternative embodiment, the decision is made by IN 124 at the time the connection to the service has been set up. In that case, server 134 itself is instructed by IN 124 to either give conditional access or unconditional access. This may require that each individual server accessed from MSC 128 sets up its own interface to IN 124 in order to process the relevant instructions. This latter option introduces some more complexity into the system. In the embodiment of the invention discussed with reference to Figs 1-3, the implementation is much less cumbersome and much less expensive, as merely the information, about which one of the conditional and unconditional modes to assume, is coded into the called-party number.

Claims (6)

  1. A method of controlling access of a mobile communication device (104) to a CLI-based service (134) on a communication network (102) via a connection from outside the communication network, wherein
    the method comprises:
    issuing, by the device, a unique identifier for identifying the device to the service;
    if the identifier is received from outside the communication network and over a secure signaling channel (125), storing (302) in a memory a first time stamp, representative of a first time of receipt of the identifier;
    setting up (208) the connection and generating (306) a second time stamp representative of a second time at which the connection is established to a node (128) on the communication network;
    issuing (314) a first instruction to the node to establish unconditional access of the device to the service if a time difference between the second time and first time falls within a predetermined time window; and
    issuing (310) a second instruction to the node to grant conditional access of the device to the service if the time difference falls outside the predetermined time window.
  2. The method of claim 1, wherein the service comprises at least one of: a voice mail service; a help desk service; and a self care voice portal.
  3. The method of claim 1 or 2, wherein the node comprises a network switch.
  4. The method of claim 1 or 2, wherein the node comprises a server providing the service.
  5. A data processing system with Service Control Point functionality and configured for controlling access of a mobile communication device (104) to a CLI-based service (134) on a communication network (102) via a connection from outside the communication network, wherein:
    the device is configured for issuing a unique identifier for identifying the device to the service; and
    the system comprises a memory and is configured for carrying out following steps:
    if the identifier is received from outside the communication network and over a secure signaling channel (125), storing (302) in the memory a first time stamp, representative of a first time of receipt of the identifier;
    setting up (208) the connection and generating (306) a second time stamp representative of a second time at which the connection is established to a node (128) on the communication network;
    issuing (314) a first instruction to the node to establish unconditional access of the device to the service if a time difference between the second time and first time falls within a predetermined time window; and
    issuing (310) a second instruction to the node to grant conditional access of the device to the service if the time difference falls outside the predetermined time window.
  6. Control software on a data carrier for installing on a Service Control Point in a communication network for controlling access of a mobile communication device (104) to a CLI-based service (134) on a communication network (102) via a connection from outside the communication network, wherein:
    the software comprises:
    first computer-readable control code for storing (302) in a memory a first time stamp, representative of a first time of receipt of an identifier received from the device, wherein the identifier identifies the device, and if the identifier is received from outside the communication network and over a secure signaling channel (125);
    second computer-readable control code for setting up (208) the connection and generating (306) a second time stamp representative of a second time at which the connection is established to a node (128) on the communication network;
    third computer-readable control code for issuing (314) a first instruction to the node to establish unconditional access of the device to the service if a time difference between the second time and first time falls within a predetermined time window; and
    fourth computer-readable control code for issuing (310) a second instruction to the node to grant conditional access of the device to the service if the time difference falls outside the predetermined time window.
EP08018300A 2008-10-20 2008-10-20 Protection of services in mobile network against CLI-spoofing Active EP2178323B1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP08018300A EP2178323B1 (en) 2008-10-20 2008-10-20 Protection of services in mobile network against CLI-spoofing
ES08018300T ES2400166T3 (en) 2008-10-20 2008-10-20 Protection of services in a mobile network against impersonation of CLI
PL08018300T PL2178323T3 (en) 2008-10-20 2008-10-20 Protection of services in mobile network against CLI-spoofing
JP2009236789A JP4897864B2 (en) 2008-10-20 2009-10-14 Protection against CLI spoofing of services in mobile networks
US12/582,485 US8804932B2 (en) 2008-10-20 2009-10-20 Protection of services in mobile network against CLI spoofing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP08018300A EP2178323B1 (en) 2008-10-20 2008-10-20 Protection of services in mobile network against CLI-spoofing

Publications (2)

Publication Number Publication Date
EP2178323A1 EP2178323A1 (en) 2010-04-21
EP2178323B1 true EP2178323B1 (en) 2012-12-12

Family

ID=40792956

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08018300A Active EP2178323B1 (en) 2008-10-20 2008-10-20 Protection of services in mobile network against CLI-spoofing

Country Status (5)

Country Link
US (1) US8804932B2 (en)
EP (1) EP2178323B1 (en)
JP (1) JP4897864B2 (en)
ES (1) ES2400166T3 (en)
PL (1) PL2178323T3 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8578457B2 (en) * 2009-12-02 2013-11-05 Dmitry I. Kan Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions
LT5795B (en) * 2010-04-22 2011-12-27 Uab "Mediafon", , Telecommunication system and method for implementation of repetitive orders and for detectio of telecommunication pirates
US9760939B2 (en) * 2012-03-23 2017-09-12 The Toronto-Dominion Bank System and method for downloading an electronic product to a pin-pad terminal using a directly-transmitted electronic shopping basket entry
CN103634450A (en) * 2012-08-23 2014-03-12 中国电信股份有限公司 False caller number identification method, apparatus and system
US10034171B2 (en) 2015-10-14 2018-07-24 Sony Interactive Entertainment America Llc Secure device pairing
US10893069B2 (en) * 2016-04-06 2021-01-12 Nokia Technologies Oy Diameter edge agent attack detection
WO2019179728A1 (en) * 2018-03-21 2019-09-26 British Telecommunications Public Limited Company Calling party validation

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5844979A (en) 1995-02-16 1998-12-01 Global Technologies, Inc. Intelligent switching system for voice and data
US6411807B1 (en) * 1996-02-05 2002-06-25 At&T Wireless Service, Inc. Roaming authorization system
DK1106025T3 (en) 1998-08-11 2002-05-27 Swisscom Mobile Ag How to Provide Intelligent Network Support to a Mobile Subscriber
US6804505B1 (en) 1999-05-06 2004-10-12 Telefonaktiebolaget Lm Ericsson Mobile internet access
US6298234B1 (en) * 1999-05-18 2001-10-02 Telefonaktiebolaget L M Ericsson (Publ) System and method for providing access to the internet via a radio telecommunications network
FI110975B (en) 1999-12-22 2003-04-30 Nokia Corp Prevention of fraud in telecommunication systems
US6920487B2 (en) 1999-12-22 2005-07-19 Starhome Gmbh System and methods for global access to services for mobile telephone subscribers
JP2002223471A (en) * 2000-11-24 2002-08-09 Ntt Docomo Inc Position information transmitter, mobile terminal, communication system, communication method and recording medium, and program
US6778820B2 (en) 2001-01-19 2004-08-17 Tendler Cellular, Inc. Method and apparatus for assuring that a telephone wager is placed within the wagering jurisdiction
US7310733B1 (en) * 2001-01-29 2007-12-18 Ebay Inc. Method and system for maintaining login preference information of users in a network-based transaction facility
GB2381408A (en) 2001-10-26 2003-04-30 Orange Personal Comm Serv Ltd Transit network in which each route between switching nodes is via a single transit node
EP1457074A1 (en) 2001-12-21 2004-09-15 Nokia Corporation Intercepting a call connection to a mobile subscriber roaming in a visited plmn (vplmn)
JP4457859B2 (en) * 2004-11-16 2010-04-28 Kddi株式会社 User authentication method, system, authentication server, and communication terminal
JP2006195752A (en) * 2005-01-13 2006-07-27 Fuji Xerox Co Ltd Network device with time correcting function
US8155092B2 (en) 2005-06-11 2012-04-10 Telefonaktiebolaget L M Ericsson (Publ) Apparatus and method for selecting a visited network
CN101204113A (en) 2005-06-24 2008-06-18 摩托罗拉公司 Apparatus and method for home network search
US7974395B2 (en) * 2005-09-28 2011-07-05 Avaya Inc. Detection of telephone number spoofing
US8744052B2 (en) * 2005-12-01 2014-06-03 At&T Intellectual Property I, L.P. System and method for detecting false caller ID
TWI293002B (en) * 2006-02-23 2008-01-21 Benq Corp Method for remote controlling a mobile communication device
JP4793024B2 (en) * 2006-02-27 2011-10-12 Kddi株式会社 User authentication method, authentication server and system
US20070250884A1 (en) 2006-04-10 2007-10-25 Sbc Knowledge Ventures, Lp System and method of providing call source information
WO2008017951A2 (en) 2006-08-11 2008-02-14 Telefonaktiebolaget Lm Ericsson (Publ) Making a call by a prepaid subscriber roaming in a visited non-camel network
US20080089501A1 (en) 2006-10-16 2008-04-17 Lucent Technologies Inc. Caller ID spoofing
US8306199B2 (en) 2006-10-20 2012-11-06 Nokia Corporation Accounting in a transit network
US8717932B2 (en) * 2006-11-29 2014-05-06 Broadcom Corporation Method and system for determining and securing proximity information over a network
US8254541B2 (en) 2006-12-29 2012-08-28 Alcatel Lucent Validating caller ID information to protect against caller ID spoofing
JP4719701B2 (en) * 2007-02-15 2011-07-06 日本電信電話株式会社 COMMUNICATION CONTROL SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION CONTROL METHOD

Also Published As

Publication number Publication date
ES2400166T3 (en) 2013-04-08
EP2178323A1 (en) 2010-04-21
US20110091026A1 (en) 2011-04-21
US8804932B2 (en) 2014-08-12
JP4897864B2 (en) 2012-03-14
PL2178323T3 (en) 2013-05-31
JP2010136342A (en) 2010-06-17

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

17P Request for examination filed

Effective date: 20101021

17Q First examination report despatched

Effective date: 20101115

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 588853

Country of ref document: AT

Kind code of ref document: T

Effective date: 20121215

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602008020733

Country of ref document: DE

Effective date: 20130207

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2400166

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20130408

REG Reference to a national code

Ref country code: NL

Ref legal event code: T3

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130312

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 588853

Country of ref document: AT

Kind code of ref document: T

Effective date: 20121212

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130313

REG Reference to a national code

Ref country code: PL

Ref legal event code: T3

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130412

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130312

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130412

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

26N No opposition filed

Effective date: 20130913

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602008020733

Country of ref document: DE

Effective date: 20130913

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131031

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131020

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20081020

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131020

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121212

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 8

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 9

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 10

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20181120

Year of fee payment: 12

Ref country code: PL

Payment date: 20181005

Year of fee payment: 11

REG Reference to a national code

Ref country code: FI

Ref legal event code: MAE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191020

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191021

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191021

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191020

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230517

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20231019

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20231020

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20231024

Year of fee payment: 16

Ref country code: DE

Payment date: 20231020

Year of fee payment: 16